Step By Step Office Dropper Dissection
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID eda9f03d-8c1d-4767-9f17-670b3718b460
Fingerprint 26512b306ce143b0
Analysis status DONE
Considered CTI value 2
Text language
Published April 5, 2019, 7:41 a.m.
Added to db Jan. 18, 2023, 10 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Step By Step Office Dropper Dissection
Title Step By Step Office Dropper Dissection
Detected Hints/Tags/Attributes 38/2/20
Source URLs
Redirection Url
Details Source https://marcoramilli.com/2019/04/05/step-by-step-office-dropper-dissection/
URL Provider
Details Provider Source level domain
Details marcoramilli.com marcoramilli.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
www.bilgiegitimonline.com
Details Domain 48 
apps.identrust.com
Details File 1209 
powershell.exe
Details File 1206 
index.php
Details File 1 
dstrootcax3.p7c
Details File 7 
whoami.php
Details sha256 1 
21b2b7e92c8f7e405062af2ecca54753fb6fe4f93000d262cd1bae4f89c81310
Details sha256 1 
78b24079bb6243c1db098f238aef726bad1eec427fe2e4d414fb1d38223775ac
Details sha256 1 
895818b8bbccd92810494ca75a612bf63ccb184c34fc0048072c37fe6546dcf0
Details IPv4 4 
134.249.116.78
Details IPv4 1 
173.50.48.59
Details IPv4 1 
82.73.220.225
Details Url 1 
http://www.bilgiegitimonline.com/wp-admin/mxwp
Details Url 1 
http://134.249.116.78/index.php
Details Url 1 
http://apps.identrust.com/roots/dstrootcax3.p7c
Details Url 1 
http://173.50.48.59:443/whoami.php
Details Url 1 
http://173.50.48.59:443
Details Url 1 
http://82.73.220.225/results/iplk
Details Url 1 
http://82.73.220.225/jit
Details Url 1 
http://82.73.220.225/vermont/health